package cc.wanforme.st.server.config;


import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import cc.wanforme.st.server.authen.filter.MRememberMeFilter;
import cc.wanforme.st.server.authen.service.TokenService;
import cc.wanforme.st.server.base.service.IAdminService;
import cc.wanforme.st.server.base.service.IUserService;
import cc.wanforme.st.server.authen.service.AuthService;

/**Spring 安全配置
 * @author wanne
 * 2020年4月26日
 * 
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class SpringSecurityConfiguration extends WebSecurityConfigurerAdapter{
	/*
	 * @EnableGlobalMethodSecurity(prePostEnabled=true) 最后一个注解启用方法级的安全控制，
	 * 控制层方法前加上 @PreAuthorize("hasAuthority('permission')")要求具有permission权限、或@PreAuthorize("hasRole('USER')")要求为USER角色
	 * 
	 * 注： @PreAuthorize("hasRole('USER')") 判断角色, SimpleGrantedAuthority 的 role 有 'ROLE_' 前缀则表示角色，没有则表示权限。
	 * 例如:  new SimpleGrantedAuthority("ROLE_USER"); 表示 'USER' 角色 
	 */

	private TokenService mTokenService;
	private AuthService authService;
	private IAdminService adminService;
	private IUserService userService;
	
	/** 自定义路径的权限*/
	@Override
	public void configure(HttpSecurity http) throws Exception {
		//使用 @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled=true) 之后， 就只能使用注解 @PreAuthorize 来认证了。默认所有请求不需要认证。
		http
			.authorizeRequests()
//			.antMatchers("/vcs/test/1").permitAll();
//			.antMatchers("/test/1").permitAll();
			.antMatchers("/**").permitAll();
		
		//在验证前，将验证信息添加到 SecurityContext 中
		http.addFilterBefore(rememberMeFilter(mTokenService, authService, adminService, userService), 
				UsernamePasswordAuthenticationFilter.class);
		
		// TODO 待验证
		http.csrf().disable(); //允许跨域伪造请求
		//http.cors().disable(); 
	}

//	@Bean
	/** 自定义记住我过滤器*/
	public MRememberMeFilter rememberMeFilter(TokenService mTokenService,
			AuthService authService, IAdminService adminService, IUserService userService) {
		return new MRememberMeFilter(mTokenService, authService, adminService, userService);
	}
	
    @Autowired
    public void setmTokenService(TokenService mTokenService) {
		this.mTokenService = mTokenService;
	}
    @Autowired
    public void setUserRoleAuthService(AuthService authService) {
		this.authService = authService;
	}
    @Autowired
    public void setAdminService(IAdminService adminService) {
		this.adminService = adminService;
	}
    @Autowired
    public void setUserService(IUserService userService) {
		this.userService = userService;
	}
}
